The high cost of equipment in the early days of computing led to the development of time-shared computing systems that allowed multiple concurrent users to simultaneously access the computer systems. User accounts encapsulate the information particular to each individual user, such as the user's name, password, area of transient and persistent storage, configuration information, resource-usage quotas and other properties to be enforced on the user's behavior. By using user accounts, time sharing could be implemented without compromising the systems usability. Whereas previous computer system operations always directly affected the global state of the machine, operations on a user's behalf in systems implementing user accounts typically affect only the information in the user's account. In this manner, each user's actions became isolated from other users since, for the most part, they only affected the individual user's account information.
FIG. 1 lustrates the components in a conventional computer system implementing user accounts. Each operation that involves accessing the state of the system is discriminated to determine if the state being accessed is local to an individual user account or global to the entire system (and therefore shared between all user accounts). If access is to a user-local state, the discrimination procedure determines the context of the access operation, that is, which user's account information to access. In conventional systems, context may be determined by, for example, using a low-level indirection (for memory accesses), the current virtual memory page tables, or a user account reference in each process or thread control block (for system calls).
Since their invention, user accounts have proven very useful. They enhance usability when multiple individuals simultaneously use a computing system and allow for segregation of system activity based on intent. For example, conventional systems may use a supervisor user account, called “root,” to run background services. Also, web-server activities may operate as “nobody,” that is, a user account with very limited privileges. Additionally, user accounts are integral to maintaining the security of a multiple user computer system since they may be used to control which data a user may access or actions a user may perform.
One key concern of IT professionals today is how to maintain the security of computer systems and data and prevent such systems and data from unauthorized access, modification, or corruption. Security breaches may occur when unauthorized activity results in access to or use of information stored in the computer. Another form of security breach occurs when unauthorized activity changes data or prevents an authorized user from accessing data by modifying permissions, causing a system “crash,” or otherwise disrupting the operation of the computer system. Computer systems may also be corrupted unintentionally by, for example, installing or deleting new applications that have the effect of altering system files or configurations that other programs rely on.
One way to cause the system corruption and security breaches mentioned above is to surreptitiously or unintentionally modify the information accessible to a user account. Methods and systems for preventing unauthorized or unintentional modification of user account information will help increase computer system security and stability.